Risk management

ABSTRACT

A risk management process is provided that has steps of defining a risk by providing: (a) a descriptive title; (b) a risk impact value; and (c) a likelihood value. (a), (b), and (c) are then set as a first set of initial conditions for the risk. A node for the risk is then established with the first set of initial conditions associated therewith. Steps 1 and 2 are then repeated on a possible further risk. If the initial conditions obtained are not identical with the initial conditions of the node the descriptive titles are compared and if the descriptive titles are not identical, a further node is established with initial conditions determined for that possible further risk. If the descriptive titles are identical, both the impact values and the likelihood values are compared and if one of those impact or likelihood values is identical, the initial conditions of that possible further risk are associated with the risk node. If neither of the impact values and likelihood values is identical, then an additional risk node is established with the initial conditions for that risk as initially determined for that possible further risk. The established nodes permit identification of the risks, and the subsequent tracking of the risks.

FIELD OF THE INVENTION

This invention relates to risk management and relates particularly but not exclusively to a computerised process for managing a plurality of risk events over time. The process may be applied manually without computer assistance, however, it is particularly preferred that the invention be implemented in a computer environment.

DESCRIPTION OF PRIOR ART

Organisations such as large government instrumentalities that provide public services have involved risk management processes to manage the risk environment in which the organisation is operating. Risk management processes are not unique or confined to large government instrumentalities. Typically, a risk environment for an organisation is dynamic, interrelated and complex. Typically an organisation will be exposed to many threats and uncertainties in its day to day operations. These threats/uncertainties interrelate in many complex and unknown or unpredictable ways. Accordingly, the management of a risk environment for an organisation is very complex and difficult to profile and track over time.

Current methods and approaches to identifying risks work on the assumption that risks are simple self-contained objects with clear boundaries that separate them from non-risk aspects of an environment. Therefore, under this belief, identifying risks is simply a process of finding or spotting them within an environment/situation, as if one were to sift through a plate of wheat and pick out and remove the bad seeds.

This conception of risk has worked well historically because the concept of risk was applied to situations where identifying and classifying risks were easy. For example we can easily identify the (downside) risk in a game of chance. This is simply the product of the amount I bet and the odds of losing that amount. We can easily achieve a clear, unambiguous definition of risk for this situation. Similarly, in the fields of finance and insurance, the simple approach to identifying risks is also applied successfully. This is because fixed categories of risk are easy to establish, such as interest rate risk and commodity price risk. These risks have clear static boundaries and meanings.

However, when we move out of these highly structured environments into complex human system environments, such as the systems of interaction that occur within an organisation, identifying risk under the traditional concepts and approaches becomes highly problematic.

The problematic nature of current risk identification approaches can be understood through the fundamental characteristics of human systems. Human systems are highly complex chaotic systems; they are extremely difficult to map and it is impossible to predict how the interactions will evolve into the future. Risk is a human experience. If humans are not present, there is no risk. Human interaction is a form of human experience. Therefore, risk is closely tied to the interactions in human systems. It then follows that risk will exhibit the same complex chaotic patterns as the human interactions it is derived from.

For example, let's look at the human system interactions at a procurement department within an organisation. Let's assume it is responsible for managing suppliers and ensuring timely delivery of key supplies that are used by the organisation to produce an end product. Even though there are standards and procedures in place to govern the interactions, on a day-to-day basis, there is a virtually infinite array of interactions, events and situations that could unfold in unpredictable ways. Therefore, since risk is tied to these interactions (experiences), pre-defining or classifying (in other words identifying) the risks in this area becomes an almost impossible exercise.

If for example we define a ‘supplier risk’ (e.g. a significant disruption to key supplies), it is unclear what is contained within this definition, and what is outside the definition. We have no clear boundaries that can be used to state, “this is ‘supplier risk’, and that is XYZ risk.”

Can a potential strike at a distribution route between the supplier and our organisation be defined as ‘supplier risk’, bearing in mind that the type of disruption to supplies it may cause is different in some way from what might have been initially understood as ‘supplier risk’? What about a legal threat to the supplier (from another organisation), which may cause a disruption to supplies, but also may cause a legal issue for us; is this also defined under ‘supplier risk’ or is it another risk? What about a solvency risk or cash flow risk to our organisation that stems from a shortage of supplies (that is, a shortage of supplies causes a shortage of goods to sell, which in turn causes a shortage of cash coming in the door); is this supplier risk, is it cash flow risk, or is it something else?

It is quite simple to go on for a short while and build up a complex mesh of risks that seem to overlap, interconnect and basically confuse and blur the lines of definition. It then becomes extremely difficult to identify, sort, assess, and collate these risks in simple and meaningful ways.

Other approaches that may try to overlook this ‘mesh of risks’ and instead concentrate on looking at business continuity planning (BCP) in case of disruption (whatever form the disruption may be) are producing BCPs with potentially significant gaps in their treatment plans. Whatever BCP is developed, it still needs to take account of the types of possible failures (therefore risks) that can occur; otherwise the contingency plans may not be suitable. Therefore, we have returned back to the initial problem of identifying and defining risks.

The key problem is that human systems are highly complex chaotic systems, and using the current simplistic and unstructured methods for identifying risks is a poor way to represent risk in these systems.

The simplistic and unstructured way we identify risks also creates critical gaps in any picture we attempt to build of the risk ‘terrain’ faced by an organisation. Because the risks faced by an organisation are complex and multi-layered, under a traditional approach to identifying risks we will often miss some of the key ‘perspectives’ and ‘layers’ of risks. The simplistic unstructured methods for identifying risks will tend to encourage us to look for simple, orderly categories of risks, such as supplier risk, reputation risk, theft risk, safety risk, etc. The significant danger here is that once risks are identified under these approaches, people will subconsciously stop perceiving other perspectives and variations on an identified risk.

For example we may identify a ‘supplier risk’ to the organisation, into which all supplier related risks are captured. This category will then tend to dictate our perception and thinking about ‘supplier’ risks. That is, we will stop seeing subtle, but potentially critical variations and nuances of ‘supplier’ risk because they won't fit into the simple definition of supplier risk, nor will they fit into other adjacent definitions/categories of risk. Therefore, they ‘slip through the cracks’. We now get to the situation of ‘out of sight out of mind’. Therefore critical and important risk ‘perspectives’ are hidden from the organisation's radar, until it's too late.

OBJECT AND STATEMENTS OF THE INVENTION

There is a need for a process that identifies and tracks risk exposures within an environment that may be complex and dynamic.

Therefore according to a first broad aspect of the invention, there may be provided a risk management process for identification and tracking of a plurality of risks, said management process having at least the following steps:

-   1. defining a risk by providing:
    -   (a) a descriptive title;
    -   (b) a risk impact value; and
    -   (c) a likelihood value
-   2. setting (a), (b), and (c) as a first set of initial conditions for the risk;
-   3. establishing a node for the risk with the first set of initial conditions associated therewith;
-   4. repeating steps 1 and 2 on a possible further risk;
-   5. determining if the initial conditions obtained in step 4 are identical with the initial conditions of the node established in step 3; and if the initial conditions are not identical, comparing the descriptive titles and
    -   (i) if the descriptive titles are not identical, establishing a further node with initial conditions determined at step 2 for that possible further risk or
    -   (ii) if the descriptive titles are identical, comparing both the impact values and the likelihood values and
        -   (a) if one of those impact or likelihood values is identical, associating the initial conditions of that possible further risk with the risk node established at step 3 as a further initial condition; and
        -   (b) if neither of the impact values and likelihood values is identical, establishing an additional risk node with the initial conditions for that risk as determined at step 2 for that possible further risk.

Whereby the established nodes permit identification of the risks, and the subsequent tracking of the risks.

Preferably, the process is repeated with possible further risks, and step (5) is performed by comparing the initial conditions of the possible further risks with the initial conditions of all nodes that exist at that time.

Most preferably the descriptive title in step (1) is defined by three descriptive title sub sets being:

-   (i) Type
-   (ii) Location and
-   (iii) Source

Preferably step 5(ii) requires all three sub sets to be identical, before the step of comparing both the impact values and the likelihood values results in either the association as in step 5(ii)(a) or establishing of a further risk node as in step 5(ii)(b).

Preferably when one or more associated further initial conditions are established for a risk node, a step of changing the overall risk values in that node is performed so that a changed overall risk value then assumes the risk value of the initial condition that has the higher of the impact value or the likelihood value.

Preferably if a third risk is attempted to be associated with a risk node and one of the impact values or likelihood values does not correspond with one or both of the established initial conditions for that node, then there is either performed the step of:

establishing a new risk node with the initial conditions for that new risk node being the initial conditions of the third risk, or the step of

disassociating an initial condition of one of the two initial conditions established for the risk node, and establishing a new risk node so that a new risk node has both the initial condition of the disassociated initial condition and the initial condition of the third risk associated therewith, and wherein either the impact values or the likelihood values of those two initial conditions agree with each other for that new risk node.

Preferably there is also provided the step of re-assessing risk values of an initial condition of a node, said re-assessing then being based on a changed initial condition, and wherein following a re-assessment

-   (i) if neither the impact value nor the likelihood value agrees with the previous values then establishing a further new node with initial conditions of the re-assessed risk whilst leaving the original risk node with an associated initial condition that has not been changed consequent on the re-assessment.

Preferably if following re-assessment there is a match of either the impact value or the likelihood value, then the overall risk node value for the node is re-established based on the changed initial condition.

Preferably there is also provided the further step of applying a treatment to an existing node, said treatment affecting either or both the impact value and/or the likelihood value of the overall risk value of the existing node, and wherein if the treatment is to affect the impact value, causing the resulting impact value to assume a value determined by the difference between the impact value of the overall risk value of that node and the impact value of the treatment,

and wherein if the treatment is to affect the likelihood value, causing the resulting likelihood value of the overall risk value to assume a value determined by the likelihood value of the treatment.

Preferably there is also provided the further step of providing multiple treatments to a risk node and wherein each treatment follows the rules stated previously for affecting the impact value or the likelihood value of the overall risk value.

If required a single treatment may have multiple levels that may be individually activated.

Preferably, each level may be sequenced within the treatment.

Further, each level may be non-sequenced.

Preferably for sequenced treatments, the overall risk value is cumulatively adjusted for the impact value and assumes the likelihood value of the current treatment level.

Preferably for non-sequenced treatments, the overall risk value is represented by the treatment values of the current treatment level.

According to an even further aspect of the present invention, there is provided a computer system programmed to operate in a way to perform the process steps recited previously.

In accordance with a further broad aspect of the present invention, there is provided a memory medium containing data that will cause a computer system to be programmed to operate according to the process steps previously recited.

BRIEF DESCRIPTION OF THE DRAWINGS

In order that the invention can be more clearly ascertained, one example will now be described with reference to the accompanying drawings for use in an electrical power distribution environment. The invention has application to an organisation performing any function where there are risks. It is not to be considered limited to an electrical power supply environment for example. In the drawings:

FIG. 1 is a diagram showing an example of a plurality of risk nodes, initial conditions attached to the nodes, and risk treating activities applied to the nodes, in accordance with the example.

FIGS. 2 and 3 are functional flow diagrams showing creation of risk nodes.

FIGS. 4 through 34 are diagrams explaining nodes and initial conditions and treatments,

FIG. 35 is a functional flow diagram of the total process of the example, and

FIG. 36 is a diagram showing changes in risk, and a notification that a treatment of the risk may need re-assessment.

Typically an organisation will be exposed to many threats and uncertainties in its day to day operations and as it attempts to realise opportunities and meet its goals and objectives.

These underlying threats and uncertainties are not static and will change or evolve in unpredictable non-linear ways. An organisation will also react to these threats and uncertainties in a variety of ways, therefore adding further complexity to how the threats and uncertainties change and evolve. All this amounts to creating a very complex and dynamic risk environment which any (large) organisation must face. Accordingly, the problem faced by organisations is how to identify and track its risk exposures over time and in an effective manner.

In the present invention, a node is created which represents a possible risk. Risk nodes will capture an overall value (risk exposure levels such as impact and likelihood) from attached initial conditions and treatments which are sources of risk information about the risk situation the risk node is representing.

The sources of risk information represent data/information or knowledge on activities and experiences of the organisation that relate to risk situations the organisation may be facing.

In the example to be described hereinafter, there are two types of risk information. These are:

-   (1) initial conditions; and
-   (2) treating activities

An initial condition is risk information that may come from an assessment performed specifically for a pre-defined risk, or other sources of information such as a general assessment not necessarily performed for a specific risk.

‘Initial condition’ is risk information (and risk values) about a risk, but does not include any risk information about any treating activity that may be currently applied to that risk. The key defining aspect of ‘initial condition’ risk information is that the risk values (e.g. impact and likelihood) do not include any data from any currently applied treatment or yet to be applied treatment to the risk.

Therefore if a treatment has been applied to a risk, and becomes a permanent fixture in the environment of the risk, and is no longer regarded as an activity that is currently treating the risk, then it can be included in any subsequent initial condition risk information values for that risk.

A treating activity can be any action that is designed to mitigate the risk in some way (this is a standard concept in risk management). The mitigation will in some way involve the lowering (or in some cases the complete removal) of the risk exposure levels (i.e. the risk values). Importantly, any risk values that are used in the treating activity risk information must not also be part of any initial condition risk values used for that risk node. The risk node becomes the central point at which the effects of the activities of the risk treatment adjust the current overall risk value (impact and likelihood) for that risk node.

Accordingly, a node is created with a descriptive title and at least one initial condition. An initial condition comprises an impact value and a likelihood value for the particular risk. Thus, for a node, there are three risk components being:

-   (i) a descriptive title;
-   (ii) impact value; and
-   (iii) likelihood value.

FIG. 1 shows the relationship of each of the nodes with associated initial conditions and treatments applied to the nodes.

FIG. 2 shows a functional flow diagram of how a risk node is created or how an existing risk node has a second or subsequent initial condition associated therewith. Here, data of a risk is processed to provide a descriptive title, an impact value and a likelihood value. The descriptive title may have three subsets as described previously and this will be explained in due course. FIG. 2 functionally shows that the data representing the risk information has a potential initial condition for a possible already existing node. Accordingly, a process of checking for a descriptive match of the titles of the new initial condition and the title of the risk initial condition for an existing node occurs. If there is no match, then a new node is created as a further risk event. This new node will then inherit its descriptive title, its impact value, and its likelihood value from the initial condition of that risk.

If there is a match with the descriptive title, then a check is made of the values of the impact value and likelihood value to see if there are matches with those of the initial conditions already existing for the node for which there is a title match. If there is no match of the impact value or treatment value, even though there has been a match of the descriptive title, then a new node is created inheriting the impact values and likelihood values from the new risk information.

If, on the other hand, there is a match of one of the impact values, or the likelihood values (and not a match of both the impact value and likelihood value) then that new risk is associated with the existing node as a further set of initial conditions. Accordingly, the risk node is then updated with an associated initial condition so that the risk node then has two initial conditions.

If the impact value and likelihood value both match then the existing node is not changed by a further associated initial condition, and neither is a new node created.

Referring now to FIG. 3, there is shown a functional flow diagram of how a descriptive title is broken down into subsets and how a match is determined for further processing in the system shown in FIG. 2. FIG. 3 clearly shows that an initial condition has a descriptive title comprised of:

-   (i) TYPE;
-   (ii) LOCATION; and
-   (iii) SOURCE

The TYPE of the event is information about the nature of the event. For example, a risk of “power failure” has a specific meaning, which refers to the loss of electrical power to some aspect of the organisation's operation. Therefore, the classification of “power failure” is different and has a different meaning to the type of event identified by “raw material disruption”, which may be defining a potential problem with the acquisition of raw material. Further, the definition of “major power failure” could have a different meaning to “power failure”, if the word “major” is inferring a different qualitative or quantitative value from just “power failure”. Accordingly, the TYPE in the descriptive title is risk information that applies to initial conditions.

LOCATION refers to a specific point in the organisation's sphere of operation and vision. This location can be either a physical or logical location. For example, “power failure at systems control” refers to a specific location. That is the systems control department, which may be housed in a specific building. “Power failure at company ABC” has a different meaning again. Accordingly, even though “system control” may be within company ABC, the location is different because it represents something different from just system control.

SOURCE refers to a source that is creating the risk. For example, “power failure at systems control from weather extremes” may be stating that bad weather is the source of power failure risk in this case. This could be high winds, heavy rain, etc, as this may cause the power cables to break. Accordingly, “power failure at systems control through local fauna activity” is different from previous examples because it is representing a risk from local wild life such as rodents, which may eat the power cable insulation. Accordingly, by defining the descriptive title with TYPE, LOCATION and SOURCE, then an accurate description of the content of the risk event may be obtained.

The system shown in FIG. 3 checks for a descriptive match; it tests for TYPE, LOCATION and SOURCE as shown in FIG. 3. If any one of those three descriptive title subsets does not result in a match, then a new node is created, and that new node inherits the descriptive title and the impact value and likelihood values of that particular initial condition. If there is a match however, then the process outlined in the flow diagram of FIG. 3 continues.

By observing FIG. 3, it can be seen that potentially new risk information is received as an initial condition and is checked for descriptive title match and for matching values of the impact value and the likelihood value for that particular risk. In other words, the potential new risk initial condition information is compared with the initial conditions established at various nodes. Accordingly, after a title match is determined and one or more nodes selected because of the title match, then the impact values and likelihood values of each of the associated initial conditions are checked for a match. In this process, a match is required with either the impact value or the likelihood value of an already attached initial condition at a node.

FIG. 4 shows a risk node representing risk A which has an initial condition 1 attached thereto. A potential new risk represented by an initial condition is then checked and in the case shown in FIG. 4, there is a match of the impact values (where each of the impact values is shown by numeral 10). Accordingly, the new or second initial condition can then attach or be associated with the existing node together with the initial condition 1.

FIG. 5 shows a further example but, in this case, the likelihood values match and are represented by numeral 0.2. Accordingly, the risk A at the node then has two initial conditions associated therewith.

FIG. 6 shows an arrangement where two separate risk nodes are provided, for risk A and risk B. This occurs because neither the impact values nor the likelihood values match.

FIG. 7 shows a further example at a risk node where the likelihood values match but where the overall risk value takes on the value of the impact values for initial condition 2.

FIG. 8 shows a situation similar to that of FIG. 7 except that in this case the impact values match and the overall risk value at the node takes on the likelihood value of initial condition 1.

FIG. 9 shows a mathematical combination arrangement that is not permitted in the system.

FIG. 10 shows the situation that occurs in the example, with a non-mathematical combination approach. Here, it can be seen that whilst the descriptive titles match, neither the impact values nor the likelihood values match. Accordingly, separate nodes are provided for each of risk A and risk B.

The preceding discussion has assumed that a node has only one initial condition attached thereto, and that a potential new risk could be associated with the node as an initial condition 2. If however, the node already has associated with it an initial condition 1 or an initial condition 2, and a further possible new risk is processed and there is a match of the descriptive titles, then there may be a slightly different outcome as explained hereinafter. In this case, with a node having two or more initial conditions and the possibility of a third initial condition attached thereto, there can be two or more results that occur.

FIG. 11 shows a first solution A in this case. Here a node, being for risk A is shown with an attached initial condition 1 and an attached initial condition 2. A third initial condition is attempted to be added. In this case for the initial condition 1, there is an impact value of 20 and a likelihood value of 0.4. For initial condition 2 there is an impact value of 20 and a likelihood value of 0.2. For the initial condition 3, there is an impact value of 15 and a likelihood value of 0.2. Accordingly, the likelihood value of initial condition 2 corresponds with the likelihood value of the new risk represented by initial condition 3, but these do not correspond with the likelihood value of 0.5 of the initial condition 1. Accordingly, a solution is provided in this matching process to provide a new risk B, with a new node which has an attached initial condition 3 as its sole initial condition.

FIG. 12 shows a solution B for the same sets of initial condition 3. Here, the risk A is represented by initial condition 1 and initial condition 2 as described in FIG. 11. When initial condition 3 is compared and matched, then it matches only with a likelihood value of 0.2 for initial condition 2. Accordingly, in this scenario, initial condition 2 is separated from the node representing risk A, and attached or associated with a node newly created for risk B. This new node therefore has associated with it, initial condition 2 and initial condition 3. The node representing risk A is then represented only by the initial condition 1.
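The node-creation rules described above (FIG. 2, the TYPE/LOCATION/SOURCE title match of FIG. 3, and solution A of FIG. 11) can be sketched as follows. This is an added example, not code from the patent; the class and function names, the sample values, the reading that a new condition must share a value with every condition already on a node, and the tie-break used for the overall value are assumptions.

```python
from dataclasses import dataclass, field
from typing import List, NamedTuple, Tuple


class Title(NamedTuple):
    """Descriptive title split into the three subsets named in the text."""
    type: str
    location: str
    source: str


class InitialCondition(NamedTuple):
    title: Title
    impact: float
    likelihood: float


@dataclass
class RiskNode:
    title: Title
    conditions: List[InitialCondition] = field(default_factory=list)

    def overall(self) -> Tuple[float, float]:
        # No mathematical combination of values (FIG. 9): the node inherits
        # the values of one attached condition. Attached conditions share
        # either impact or likelihood, so ordering by (impact, likelihood)
        # selects the condition with the higher differing value.
        # Assumption: this ordering is how "the higher" is resolved.
        top = max(self.conditions, key=lambda c: (c.impact, c.likelihood))
        return top.impact, top.likelihood


def shares_a_value(a: InitialCondition, b: InitialCondition) -> bool:
    return a.impact == b.impact or a.likelihood == b.likelihood


def submit(register: List[RiskNode], ic: InitialCondition) -> str:
    """Process one possible further risk against all existing nodes."""
    # All three title subsets must be identical for a title match.
    same_title = [n for n in register if n.title == ic.title]

    # Identical initial conditions: no attachment and no new node.
    if any(ic in n.conditions for n in same_title):
        return "unchanged"

    # Impact or likelihood matches: associate with the existing node.
    # Assumption: the match must hold against every attached condition,
    # otherwise solution A of FIG. 11 (a new node) is taken.
    for node in same_title:
        if all(shares_a_value(ic, c) for c in node.conditions):
            node.conditions.append(ic)
            return "attached"

    # No title match, or neither value matches: establish a new node.
    register.append(RiskNode(ic.title, [ic]))
    return "new_node"


def demo():
    # Constructed sample data using the page's power-failure titles.
    weather = Title("power failure", "systems control", "weather extremes")
    fauna = Title("power failure", "systems control", "local fauna activity")
    register: List[RiskNode] = []
    outcomes = [
        submit(register, InitialCondition(weather, 20, 0.5)),  # first risk
        submit(register, InitialCondition(weather, 20, 0.2)),  # impact matches
        submit(register, InitialCondition(weather, 20, 0.2)),  # identical
        submit(register, InitialCondition(weather, 15, 0.2)),  # FIG. 11 case
        submit(register, InitialCondition(fauna, 20, 0.5)),    # SOURCE differs
    ]
    return register, outcomes


if __name__ == "__main__":
    nodes, results = demo()
    for outcome in results:
        print(outcome)
    for n in nodes:
        print(n.title.source, len(n.conditions), n.overall())
```

Solution B of FIG. 12 (detaching initial condition 2 and pairing it with the third condition on a new node) is not implemented here.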

Initial condition risk values may change over time. For example a further assessment of a risk environment can produce an update of risk value results. This is represented by FIG. 13 which shows that at time=1, risk node A has an overall risk value with an impact value of 20 and a likelihood value of 0.5 which it has inherited from initial condition 1. Also, at time=1, initial condition 1 has had its value for likelihood changed from 0.5 to 0.15.

FIG. 14 shows that at time=2, because the initial condition 1 value no longer produces the highest overall value for the risk node, the overall value of the risk node also changes so that it takes the value from initial condition 2.

As explained previously, a treatment can only attach to an existing risk node. Therefore, a treatment is targeted to a specific node or nodes and the treatment can treat any of the risk values e.g. impact or likelihood.

FIG. 15 shows how a treatment can be associated with a particular risk node. In this case, the treatment represents treating values for impact values only. In this case, the treating value is 8.

FIG. 16 shows the overall risk value changed for the node with a new impact value of 12 but with a likelihood value of 0.5 being the original likelihood value. Accordingly, in this example, the treatment only affects the impact value, and the impact value assumed for the overall risk is the difference between the initial condition attached to the risk node and the treating value.

FIG. 17 shows a treatment representing a treatment for the likelihood only where the treatment likelihood value is 0.15. In this case, the overall risk node value has an impact value of 20 and a likelihood value of 0.5.

FIG. 18 shows the arrangement after the treatment has occurred and mitigated the risk represented by the node. In this case, the treating likelihood value is 0.15 and that treats the likelihood value of 0.5 of the initial condition associated with the node. Accordingly, the overall risk node value is changed to have an impact value of 20 (being the original impact value), with a changed likelihood value of 0.15.

FIG. 19 shows a treatment that treats both impact values and likelihood values. In FIG. 19, the overall risk value is shown having an impact value of 20 and a likelihood value of 0.5. After the treatment occurs, there is a changed condition shown by FIG. 20 where the overall risk value has an impact value of 12 and a likelihood value of 0.25.

Accordingly, it can be seen that the impact value of the overall risk is represented by the difference between the initial condition impact value and the treating impact value. The new likelihood value then assumes the likelihood value of the treatment rather than the likelihood value of the initial condition 1. Thus, the new likelihood value is the likelihood value of the treatment, whereas the new impact value is the difference between the initial condition impact value 20 and the treating value 8, which shows a new overall risk event value having an impact value of 12.

Multiple treatments can also be applied to nodes simultaneously.

FIG. 21 shows a risk node with treatment A and treatment B. The overall risk value of the node for the risk event is impact value 20 and likelihood value of 0.5.

FIG. 22 shows the results after treatment A completes its mitigation and prior to treatment B being effected. Here, the overall risk value is changed to have an impact value of 17 with a likelihood value of 0.5. Again, the new overall risk value, having an impact value of 17, represents the difference between the original impact value 20 of the initial condition for the risk event node and the treating impact value 3.

FIG. 23 shows the results after treatment B has completed its mitigation on the risk A. It should also be noted that treatment B treats impact values and likelihood values. In this case, after treatment B has occurred, the overall risk value has an impact value of 13 and a likelihood value of 0.25. In this case, the node, having had treatment A applied thereto, has an impact value of 17 and a likelihood value of 0.5 as shown in FIG. 22. After application of treatment B, the overall risk value has an impact value of 13, being the difference between the treating impact value 4 for treatment B and the overall risk value having an impact value of 17. In addition, treatment B treats likelihood values as well, and in this case, the new likelihood value represents the value of the treatment.

It should be appreciated that treatments can have multiple phase levels, and that each phase level can also potentially have mitigating effects on a treatment which can be measured and tracked for the risk event. Multi phase level treatments can take two forms, being either sequenced or non-sequenced treatment.

A sequenced treatment could represent a project having several key phases. Each phase, once completed, will then take some predetermined mitigating effect on the overall risk event values. This incremental effect can be captured through a sequenced treatment model on the overall risk event, and it is shown in FIGS. 24, 25, and 30. FIG. 24 shows a risk node for a risk A with an attached or associated initial condition. There are two phases of possible future treatments shown in FIG. 24.

FIG. 25 shows the treatment after phase 1. Here, phase one has an impact value of 4 and a likelihood value of 0.35. The initial associated condition has an impact value of 20 and a likelihood value of 0.5. In this case after completion of phase one treatment, the overall risk value for the node is changed to an impact value of 16 and a likelihood value of 0.35. Accordingly, the impact value for the overall risk value is represented by the difference between the previous impact value 20 and the treatment phase one impact value of 4. Accordingly, the overall risk value of the impact value is changed to 16. The likelihood value of 0.35 for the overall risk assumes the likelihood value of the phase one treatment.

FIG. 26 shows the situation after completion of phase two. Here, the overall risk value has changed to an impact value of 10, being the difference between the impact value for the overall risk, shown in FIG. 25, of 16, and the phase two impact value of 6. In other words, the new overall risk impact value is 10. The likelihood value then changes to the phase two likelihood value. In other words the treatments are cumulatively adjusted with each phase so the overall risk value of the node is cumulatively adjusted.

Non-sequenced treatments are shown in FIGS. 27, 28 and 29. Non-sequenced treatments represent treatments that can occur or manifest themselves at any time and don't follow any predetermined sequence. For example, a maintenance treatment activity of a risk may have several known states (levels) each of which will have a certain treating effect on the risk. Only one level will be active at any point in time. The rule previously explained for the adjustment of the overall risk values is again followed. For non-sequenced treatments, the overall risk value of the node is adjusted to assume the risk value of the phase of the treatment.

Treatments can be applied to several risks and are not confined to single risks or single nodes. This is depicted in FIGS. 30 and 31. Again, the previously stated rules determine how the impact values and the likelihood values change. The treating effects from the treatment can be different for different nodes. FIG. 30 shows that for risk node A, the treating values are 10 for impact and 0.5 for likelihood, whereas for risk node B, the same treatment will have a different treating effect, i.e. a treating impact of 15 and a treating likelihood of 0.25. FIG. 31 shows the results of the treatment effect on each of the risk nodes in accordance with the previously stated rules.

FIG. 32 shows a further option that can be set with regard to a treatment. Here, a treatment END DATE can be set so that a date can be specified at which the treatment will cease for a risk node. FIG. 32 also shows that two further treatment settings can be applied at the end date. A first setting is to keep the treatment values that are applicable at the time the treatment ends. If this option is chosen, then the treating effects are absorbed into all of the conditions attached to the risk node. Therefore, the overall risk node values remain the same as if the treatment is still attached but the treatment itself has been removed. From then on, the values of the node can be changed as described previously. If the option to remove the treating values is chosen, then once the treatment end date has passed, the treating effect on the risk node is removed, and the risk node returns to an overall risk value that is determined by the attached initial conditions at that time and as described previously.

A choice of options is available with the “location” subset of the descriptive title of a node. As set out above, a risk node is defined through three descriptive subsets being:

1. TYPE
2. LOCATION
3. SOURCE

A location subset requires a choice to be made between two options so that the option can be associated with the “location”. These options are:

1. Exclusive to this location. Here the risk node is only associated with this location.
2. Include all subordinate or link locations below it. In this case the risk node is associated with this location, and all other locations that are subordinate will be embraced.

If the first option is chosen (exclusive to this location), then the rules previously described for the node still apply. If the second option is chosen (include all subordinate or link locations below it), then additional rules for defining uniqueness of a risk node apply. FIGS. 33 and 34 show these options functionally. FIG. 33 shows that a potentially new risk node B cannot be allowed because it will be regarded as part of risk node A, because the “type” and “source” are the same as risk node A, and risk node A has been set to the option to include all the subordinate or link locations below it. Thus, any locations that are subordinate or linked will not be tested for uniqueness on either its “location” subset or its risk value. A test for the uniqueness will only be established through the “type” subset and the “source” subset as described previously. Therefore, if a risk node B is attempted to be defined at a location below a risk node A that has been set to the second option to include all subordinate locations or link locations, and the “type” subset and the “source” subset are the same, then the new node B will not be regarded as unique and its creation will not be permitted.

FIG. 35 shows a high level functional flow diagram for the creation of risk nodes from initial conditions and the process for handling updates to risk node values when a treatment is already applied to the risk node.

FIG. 35 shows that if an existing risk node has a new initial condition attached, and through a comparison of that initial condition's risk values with the risk node's overall risk values it is found that the initial condition's risk values are greater, then the overall value of the risk node will require updating. However, before this can be performed a check is performed to determine if a treatment is currently applied to the risk node. If there is a treatment applied to the risk node, then the effects of the treatment on the risk node need to be reassessed to determine if the treating effects of the treatment would still be applicable given that the overall node value is to be changed. That is, the attached treatment has been applied to the node and a treating effect (e.g. lowering the impact or likelihood value of the node) has been determined based on the current value of the risk node. Therefore, if the risk node value were to be changed (be it through a new initial condition attachment or an update to an existing initial condition's risk values), then the applied treatment must be re-assessed to determine whether the treating effect will still be valid against the new risk node values, or whether the treatment will need to be removed, modified or left unchanged.

As depicted in FIG. 35, a flag is raised if there is an attached treatment and the overall node values require change. This flag is applied to the risk node to inform the risk node owner/user that the attached treatment needs to be re-assessed to determine if its treating effects are still valid under the changed risk node values. The node owner/user will then decide and apply the appropriate action, at which point the flag is removed.
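The treatment rules of FIGS. 17 to 26, the END DATE options of FIG. 32 and the re-assessment flag of FIG. 35 can be followed in a short model. This is an added example, not code from the patent; the names `Effect` and `RiskNode` and their methods are hypothetical, and it assumes that treating effects are applied in attachment order and that a further initial condition is compared with the node's untreated values.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Effect:
    """Treating values of one treatment (or phase); None leaves that value alone."""
    impact: Optional[float] = None
    likelihood: Optional[float] = None


@dataclass
class RiskNode:
    title: Tuple[str, str, str]      # (type, location, source)
    impact: float                    # values set by the attached initial conditions
    likelihood: float
    effects: List[Effect] = field(default_factory=list)
    needs_reassessment: bool = False

    def overall(self) -> Tuple[float, float]:
        """Overall risk value after each attached treating effect, in order."""
        impact, likelihood = self.impact, self.likelihood
        for e in self.effects:
            if e.impact is not None:
                impact -= e.impact            # impact: the difference
            if e.likelihood is not None:
                likelihood = e.likelihood     # likelihood: assumes the treatment value
        return impact, likelihood

    def treat(self, effect: Effect) -> Tuple[float, float]:
        """Attach a treatment (or complete a sequenced phase)."""
        self.effects.append(effect)
        return self.overall()

    def end_treatments(self, keep_values: bool) -> Tuple[float, float]:
        """END DATE reached: absorb the treated values, or remove them."""
        if keep_values:
            self.impact, self.likelihood = self.overall()
        self.effects.clear()
        return self.overall()

    def attach_condition(self, impact: float, likelihood: float) -> bool:
        """Attach a further initial condition; return the state of the flag."""
        if impact > self.impact or likelihood > self.likelihood:
            # Assumption: the node takes the higher value in each dimension.
            self.impact = max(self.impact, impact)
            self.likelihood = max(self.likelihood, likelihood)
            if self.effects:                  # treated node: owner must re-assess
                self.needs_reassessment = True
        return self.needs_reassessment

    def resolve_flag(self) -> None:
        """Owner has kept, modified or removed the treatment."""
        self.needs_reassessment = False


def demo():
    """Treatments A and B of FIGS. 21-23, then a constructed further condition."""
    title = ("Supply disruption", "Inbound Goods", "Transport Strike")
    node = RiskNode(title, impact=20, likelihood=0.5)
    after_a = node.treat(Effect(impact=3))                    # FIG. 22
    after_b = node.treat(Effect(impact=4, likelihood=0.25))   # FIG. 23
    flagged = node.attach_condition(20, 0.7)   # constructed values, not from the figures
    return after_a, after_b, flagged, node.overall()


if __name__ == "__main__":
    print(demo())
```

In `demo()` the further condition raises the untreated likelihood to 0.7, yet the treated overall value stays at 13 and 0.25 because treatment B still supplies the likelihood; the flag is what tells the owner that the treatment was assessed against values that no longer hold.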

It should therefore be noted that the above described example processes risks in a particular way and with particular rules, to enable a managed and controllable environment for risk management. The system is dynamic in the sense that it accommodates multiple node creation and multiple initial conditions that can be associated with one or more nodes. Further, treatments can be applied across the nodes as required.

This approach is designed to allow an organisation to develop perspectives of risk exposure that best fit their current situation within their human system. Rather than attempt to build a pre-defined picture of risk and/or specific categories of risk, risks are simply defined by the “descriptive title”, the “risk impact value”, and the “likelihood value”. The “descriptive title” has three sub-sets being (1) Type (2) Location and (3) Source. In other words, as the interactions evolve, and the personnel of the organisation experience different interactions, they can define subtle but critical differences emerging in the material threats to the organisation, as they perceive them.

In the table below a series of risks are shown with different levels of relationship between the risks. In each example, the risks are independent of each other, only the relationship to each other changes.

| Extent of Relationship Between Risks | Example Identified Risk | Comments |
|---|---|---|
| No Relationship | 1. Supply disruption at Inbound Goods through Transport Strike; 2. Power failure at Production Plant B through Weather extremes | There is no relationship between these two risks. |
| Some Relationship | 1. Supply disruption at Inbound Goods through Transport Strike; 2. Power failure at Inbound Goods through Weather extremes | There is a relationship through the location of these two risks. |
| Moderate Relationship | 1. Supply Disruption at Inbound Goods through Transport Strike; 2. Supply disruption at Inbound Goods through Weather extremes | There is a stronger relationship between these two risks. Both relate to supply disruptions at inbound goods. |
| Strong Relationship | 1. Supply disruption at Inbound Goods through Transport Strike (Rating = ‘Caution’, Impact = $100,000); 2. Supply Disruption at Inbound Goods through Transport Strike (Rating = ‘Low Caution’, Impact = $500,000) | In this case the relationship is strongest between these two risks. Both relate to a very similar type of risk situation, but are defining a different size (effects). In this case as in all the other above, the risks are unique, only the level of relationship has changed. |

Using the above method for identifying/defining a risk, an organisation is less likely to have material gaps in its picture of the material risks it faces, because a far greater range of organisational personnel will be able to capture their own perspectives on risk exposures the organisation faces.

Using the above risk identification will also create the opportunity for a more effective approach to treating risks. A treatment for a risk is some action that is designed to in some way mitigate the exposure to that risk. Therefore, the risk needs to be identified first before a treatment action can be applied to it. If risks for an organisation are defined under the traditional models, then it is likely that there will be many ‘holes’ in the picture of the risks that the organisation faces. Many subtle (but often critical) variations to the risks identified will not be picked up under the ‘coarse’, traditional identifying approaches. Therefore, any treatments designed to target these risks will also be somewhat coarse responses; they can only target what they know.

For example, a treatment designed to target a ‘supplier risk’ (e.g. major disruption to supplies of raw material) will only be able to structure a response that either alleviates a potential disruption with some contingency/work around plan, and/or target the potential source of the threat in an attempt to lower the likelihood of that risk occurring. In this case, the risk is identified rather coarsely, so a treatment will not be aware of say, potential legal implications of a certain type of supplier risk. Nor will the treatment be able to treat the likelihood of a potential problem to, say, the supplier's key provider who might be having difficulties working with our supplier, and therefore cause our supplier problems with production of its goods.

‘Natural conditions’ can be represented in a condition object. For example dealing with a key supplier will have many natural conditions that may generate risks. A natural condition could be the behaviour of the distribution network. Some aspect of the behaviour of the distribution network could be represented in a condition, for example a strike threat. This condition object could then be used to create a ‘risk node’, which is used to define a risk and represent the potential impact to the organisation and likelihood of that impact occurring.

Over time the behaviour of the distribution network will change, the strike threat could become greater or less of a threat. In either case this change in the state of the natural conditions (and therefore the conditions representing them) can be reflected in the states of specific risk nodes (i.e. defined and measured potential effects on the organisation).

Accordingly, treatments can be devised to mitigate these risks in some way (e.g. reduce the potential impact and/or lower the likelihood of the event occurring). Treatments will typically go through a stage of being developed and initiated, through to being fully implemented. For example, a plan is devised to sign up a backup supplier to provide a certain amount of goods in case of a strike in the distribution network. This plan is initiated and it may then take a number of weeks (or months) before the agreements are in place and a new backup network is established.

Once this treatment is implemented, the risks that are being targeted will change in some way to reflect the treating effect of the treatments.

Naturally, the change experienced by the organisation is not limited to these levels. Let's say a change occurs in the behaviour of the main distribution network after the treatment has been initiated, but before it has been fully implemented. For example, the threat of the strike has become far greater (e.g. it has broadened to involve potentially other areas, therefore its end effect could be far greater than first perceived), or far less of an issue (e.g. an agreement has been worked out with the unions and dramatically lowered the threat of a strike).

In either case this situation will result in a potential conflict with the current treating program. That is, the proposed treatment may now be either inadequate to deal with the new state of the risk situation, or it may be overkill for the new state of the risk. The basic rules of interaction will in these situations notify the appropriate person(s) about the apparent conflict and request him/her to adjudicate on the appropriateness of the treatment under the new conditions. If the treatments are appropriate, they will continue to perform their functions on the risks they are targeting, otherwise, they may be adjusted, removed, or replaced with some other treating effect that may be more appropriate. This is shown diagrammatically in FIG. 36.

This new mechanism provides the benefit of enabling an organisation to manage and track complex change across many different risks. The organisation can also develop a far more responsive approach to the way it applies treatment actions to mitigate risks. As shown in FIG. 36, the system provides the ability to notify appropriate personnel when a treatment that is being applied to a risk may require a re-assessment.

Typically, the above process is implemented in a software program resident in a computer. The software program may be provided on a data storage medium with a set of operating instructions for the computer program itself. As new risks and/or treatments are perceived, then they can be entered into the computer system so that they interact in the ways described previously.

Modifications may be made to the invention as would be apparent to persons skilled in the risk management art and/or computer arts. For example, the terminology adopted for the various descriptive titles may be changed. The impact values and/or likelihood values may assume different titles. The effect, however, for each of these will be the same as described, and the terms used should be considered broadly to embrace all such variations in naming.

These and other modifications may be made without departing from the ambit of the invention, the nature of which is to be determined from the foregoing description.

1. A risk management process for identification and tracking of a plurality of risks, said management process having at least the following steps:

   1. defining a risk by providing: (a) a descriptive title; (b) a risk impact value; and (c) a likelihood value;
   2. setting (a), (b), and (c) as a first set of initial conditions for the risk;
   3. establishing a node for the risk with the first set of initial conditions associated therewith;
   4. repeating steps 1 and 2 on a possible further risk;
   5. determining if the initial conditions obtained in step 4 are identical with the initial conditions of the node established in step 3; and if the initial conditions are not identical, comparing the descriptive titles and (i) if the descriptive titles are not identical, establishing a further node with initial conditions determined at step 2 for that possible further risk or (ii) if the descriptive titles are identical, comparing both the impact values and the likelihood values and (c) if one of those impact or likelihood values is identical, associating the initial conditions of that possible further risk with the risk node established at step 3 as a further initial condition; and (d) if neither of the impact values and likelihood values is identical, establishing an additional risk node with the initial conditions for that risk as determined at step 2 for that possible further risk.

   Whereby the established nodes permit identification of the risks, and the subsequent tracking of the risks.

2. A process as claimed in claim 1 wherein the process steps are repeated with possible further risks, and step (5) is performed by comparing the initial conditions of the possible further risks with the initial conditions of all nodes that exist at that time.

3. A process as claimed in claim 1 wherein the descriptive title in step (1) is defined by three descriptive title sub sets being: (i) Type (ii) Location and (iii) Source.

4. A process as claimed in claim 3 wherein process step 5(ii) requires all three sub sets to be identical, before the step of comparing both the impact values and the likelihood values results in either the association as in step 5(ii)(a) or establishing of a further risk node as in step 5(ii)(b).

5. A process as claimed in claim 1 wherein when one or more associated further initial conditions are established for a risk node, a step of changing the overall risk values in that node is performed so that a changed overall risk value then assumes the risk value of the initial condition that has the higher of the impact value or the likelihood value.

6. A process as claimed in claim 2 wherein if a third risk is attempted to be associated with a risk node and one of the impact values or likelihood values does not correspond with one or both of the established initial conditions for that node, then there is either performed the step of: establishing a new risk node with the initial conditions for that new risk node being the initial conditions of the third risk, or the step of disassociating an initial condition of one of the two initial conditions established for the risk node, and establishing a new risk node so that a new risk node has both the initial condition of the disassociated initial condition and the initial condition of the third risk associated therewith, and wherein either the impact values or the likelihood values of those two initial conditions agree with each other for that new risk node.

7. A process as claimed in claim 1 wherein there is also provided the step of re-assessing risk values of an initial condition of a node, said re-assessing then being based on a changed initial condition, and wherein following a re-assessment (ii) if neither the impact value nor the likelihood value agree with the previous values then establishing a further new node with initial conditions of the re-assessed risk whilst leaving the original risk node with an associated initial condition that has not been changed consequent on the re-assessment.

8. A process as claimed in claim 7 wherein if following re-assessment there is a match of either the impact value or the likelihood value, then the overall risk node value for the node is re-established based on the changed initial condition.

9. A process as claimed in claim 1 wherein there is also provided the further step of applying a treatment to an existing node, said treatment affecting either or both the impact value and/or the likelihood value of the overall risk value of the existing node, and wherein if the treatment is to affect the impact value, causing the resulting impact value to assume a value determined by the difference between the impact value of the overall risk value of that node and the impact value of the treatment, and wherein if the treatment is to affect the likelihood value, causing the resulting likelihood value of the overall risk value to assume a value determined by the likelihood value of the treatment.

10. A process as claimed in claim 9 wherein there is also provided the further step of providing multiple treatments to a risk node and wherein each treatment follows the rules stated previously for affecting the impact value or the likelihood value of the overall risk value.

11. A process as claimed in claim 10 wherein a single treatment may have multiple levels that may be individually activated.

12. A process as claimed in claim 11 wherein each level may be sequenced within the treatment.

13. A process as claimed in claim 11 wherein each level may be non-sequenced within the treatment.

14. A process as claimed in claim 12 wherein an overall risk value is cumulatively adjusted for the impact value and assumes the likelihood value of the current treatment level.

15. A process as claimed in claim 13 wherein an overall risk value is represented by the treatment values of the current treatment level.

16. A computer system programmed to operate in a way to, in use, perform the process steps recited in claim 1.

17. A memory medium containing computer instruction data that will cause a computer system to be programmed to, in use, operate according to the process steps recited in claim 1.